* refs/pull/40870/head:
auth/cephx: make KeyServer::build_session_auth_info() less confusing
auth/cephx: cap ticket validity by expiration of "next" key
auth/cephx: drop redundant KeyServerData::get_service_secret() overload
Reviewed-by: Sage Weil <sage@redhat.com>
* refs/pull/40711/head:
mgr/cephadm: fix nfs-rgw stray daemon
Reviewed-by: Guillaume Abrioux <gabrioux@redhat.com>
Reviewed-by: Adam King <adking@redhat.com>
Reviewed-by: Juan Miguel Olmo <jolmomar@redhat.com>
Reviewed-by: Michael Fritch <mfritch@suse.com>
in 5505fc0051, during rebasing against
master it was set to 12_hr by accident.
this setting was changed to 72_hr in
522a52e6c2
Signed-off-by: Kefu Chai <kchai@redhat.com>
mgr/cephadm: report exception during upgrade in upgrade status
Reviewed-by: Michael Fritch <mfritch@suse.com>
Reviewed-by: Juan Miguel Olmo <jolmomar@redhat.com>
* refs/pull/40828/head:
mds: set fscrypt flag on create if xattr buffer has an encryption context
Reviewed-by: Patrick Donnelly <pdonnell@redhat.com>
Reviewed-by: Xiubo Li <xiubli@redhat.com>
* refs/pull/40539/head:
cephfs-top: set the cursor to be invisible
cephfs-top: self-adapt the display according the window size
cephfs-top: use the default window object from curses.wrapper()
cephfs-top: improve the output
Reviewed-by: Patrick Donnelly <pdonnell@redhat.com>
Reviewed-by: Venky Shankar <vshankar@redhat.com>
* refs/pull/40412/head:
vstart_runner: reuse code in LocalRemoteProcess
Reviewed-by: Xiubo Li <xiubli@redhat.com>
Reviewed-by: Patrick Donnelly <pdonnell@redhat.com>
* refs/pull/39660/head:
qa: Update the mdsmap schema in mgr/dashboard/test_health.py
doc: add lsflags command to Administrative Commands document
qa: test fs lsflags command
mon: add command to print fs flags
mds: print each flag value
Reviewed-by: Patrick Donnelly <pdonnell@redhat.com>
Reviewed-by: Ernesto Puerta <epuertat@redhat.com>
nfs-rgw registers under a gid cephadm needs covert that to its known name during the stray daemon check
Signed-off-by: Daniel Pivonka <dpivonka@redhat.com>
otherwise the "home-icon" and the right most "Edit on GitHub" are displayed
right next to the left and right borders of the top-bar.
Signed-off-by: Kefu Chai <kchai@redhat.com>
The test is often run on heavily loaded machines which will effect the
precision of the test.
Fixes: https://tracker.ceph.com/issues/50378
Signed-off-by: Patrick Donnelly <pdonnell@redhat.com>
The second KeyServer::build_session_auth_info() overload is used only
by the monitor, for mon <-> mon authentication. The monitor passes in
service_secret (mon secret) and secret_id (-1). The TTL is irrelevant
because there is no rotation.
However the signature doesn't make it obvious. Clarify that
service_secret and secret_id are input parameters and info is the only
output parameter.
Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
to silence the health warning of "mons are allowing insecure global_id
reclaim", which prevents the cluster from being active+clean. couple
tests are expecting a warning free cluster before they starts.
as this option is enabled by default for appeasing the old clients, but when it
comes to most of upstream testing, we can just disable it.
Fixes: https://tracker.ceph.com/issues/50374
Signed-off-by: Kefu Chai <kchai@redhat.com>
If auth_mon_ticket_ttl is increased by several times as done in
commit 522a52e6c2 ("auth/cephx: rotate auth tickets less often"),
active clients eventually get stuck because the monitor sends out an
auth ticket with a bogus validity. The ticket is secured with the
"current" secret that is scheduled to expire according to the old TTL,
but the validity of the ticket is set to the new TTL. As a result,
the client simply doesn't attempt to renew, letting the secrets rotate
potentially more than once. When that happens, the client first hits
auth authorizer errors as it tries to renew service tickets and when
it finally gets to renewing the auth ticket, it hits the insecure
global_id reclaim wall.
Cap TTL by expiration of "next" key -- the "current" key may be
milliseconds away from expiration and still be used, legitimately.
Do it in KeyServerData alongside key rotation code and propagate the
capped TTL to the upper layer.
Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
This will allow change the window size when the cephfs-top tool is
running and will adapt the display according to the real time window
size.
Fixes: https://tracker.ceph.com/issues/50091
Signed-off-by: Xiubo Li <xiubli@redhat.com>
When adding more metrics the top line will be too long and maybe
wrapped with serval lines, which will make it hard to read.
Signed-off-by: Xiubo Li <xiubli@redhat.com>
